/**
 * <li>文件名：LoginPurviewCheckFilter.java
 * <li>说明：
 * <li>创建人： 曾明辉
 * <li>创建日期：2008-12-8
 * <li>修改人： 
 * <li>修改日期：
 */
package com.gp.base.filter;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.gp.base.util.StrUtil;


/**
 * 
 * <li>类型名称：
 * <li>说明：验证是否登录的过滤器
 * <li>创建人： 曾明辉
 * <li>创建日期：2008-12-8
 * <li>修改人： 
 * <li>修改日期：
 */
public class LoginPurviewCheckFilter implements Filter {
	public static String SUPER_NAME;    //超级用户名
	public static String SUPER_PASSWORD;//超级用户密码
	
	
	public static String USER_SESSION_NAME ="user";
	public static String USER_SESSION_DEPT_NAME ="user_Dept";
	public static String USER_SESSION_DISMODULEFUN ="disModuleFun";
	public static String RELOGIN_JSP;
	private Map<String, String> urlMap;
	private String disallowUrl = "/disallow.jsp";
		
	public LoginPurviewCheckFilter() {
		super();
	}

	public void init(FilterConfig config) throws ServletException {
		SUPER_NAME = config.getInitParameter("superName");
		SUPER_PASSWORD = config.getInitParameter("superPassword");
		
		RELOGIN_JSP = config.getInitParameter("reloginJsp");
		if(RELOGIN_JSP == null){
			System.out.println("请配置重新登陆的JSP地址！");
		}
		urlMap = new HashMap<String, String>();
		
		String beforeLoginUrl = config.getInitParameter("beforeLoginUrl");
		if(beforeLoginUrl == null){
			System.out.println("请配置登陆前允许访问的URL，多个URL可用逗号间隔！");
		}
		String [] urls = beforeLoginUrl.split(",");
		for (String url : urls) {
			url = url.trim();
			if(! "".equals(url)){
				urlMap.put(url, url);
			}
		}
		
	}

	@SuppressWarnings("unchecked")
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filterChain) throws IOException, ServletException {
		
		HttpServletRequest httpRequest = (HttpServletRequest)request;
		HttpServletResponse httpResponse = (HttpServletResponse)response;

		String contextPath = httpRequest.getContextPath();
		String currentURL = httpRequest.getRequestURI();
		String targetURL = currentURL;
		if(StrUtil.isNotEmpty(contextPath)){
			targetURL = currentURL.substring(currentURL.indexOf("/", 1),	currentURL.length());
		}
		if(targetURL.indexOf("?") != -1){
			targetURL = targetURL.substring(0,targetURL.indexOf("?"));
		}
 
		
		if(httpRequest.getSession().getAttribute(USER_SESSION_NAME) == null){//未登录			
			if(urlMap.get(targetURL) == null || targetURL.equals("")){
				String url = contextPath+ RELOGIN_JSP + "?message=还未登录或会话失效，请登录！" ;		
				httpResponse.sendRedirect(StrUtil.toUTF8(url));
				return;
			}
			else{
				if(targetURL.endsWith(contextPath + "/index.jsp") == true){//登录提示信息
					String message = httpRequest.getParameter("message");
					if(message != null && ! message.equals("")){
						httpRequest.setAttribute("message", message);
					}
				}
			}
			
		}
		else{//已登录
			if(targetURL.endsWith(".action") == true){//Action需要验证功能权限
				
				String keyUrl = targetURL.substring(0,targetURL.lastIndexOf(".action"));
								
				if(keyUrl.lastIndexOf("/") != -1){
					keyUrl = keyUrl.substring(keyUrl.lastIndexOf("/")+1);
				}
				Object obj = httpRequest.getSession().getAttribute(USER_SESSION_DISMODULEFUN);
				if(obj != null){
					Map<String,String> disModuleFunMap = (Map<String,String>)(obj);
					
					if(disModuleFunMap.containsKey(keyUrl)){//用于事后控制
						String message = "您没有<" + disModuleFunMap.get(keyUrl)+ ">权限，请与管理员联系！";
						String url = contextPath + this.disallowUrl + "?message="+message;
						httpResponse.sendRedirect(StrUtil.toUTF8(url));
						return;
					}
				}
				String action = keyUrl;
				if(action.indexOf("!") != -1){//获得Action
					action = action.substring(0, action.indexOf("!"));
				}
				
//				httpRequest.setAttribute(PurviewTag.PURVIEW_ACTION_NAME, action);//设置访问的action名
				
			}			
		}

		httpResponse.setHeader("cache-control","no-store"); 
		httpResponse.setHeader("pragrma","no-cache"); 
		httpResponse.setHeader("expires","0");
		
		filterChain.doFilter(httpRequest,httpResponse);
	}

	
	public void destroy() {

	}

}
